账号登录及权限管理
目录
1.登录功能
2.退出登录
3.权限管理
4.代码展示合集
这篇文章, 会讲到如何实现账号登录。账号就是我们上一篇文章写的账号管理功能, 就使用那里面已经创建好的账号。这一次登录, 我们分为三种角色, 分别是员工, 领导, 管理员。不同的角色, 登录进去之后的页面都是不一样的, 管理员权限最大, 拥有所有的功能, 而员工, 只有查看数据的功能, 不能做增删改, 而且能看到的数据, 也只有一部分数, 这种功能, 就是我们所谓的权限管理。
一、登录功能
如果嫌麻烦, 不想自己写登录界面的话, 可以去网上搜一下别人已经写好的登录界面。
网址: blog.csdn.net/ss810540895/article/details/125799099。
我们就找这一个登录界面吧:
我们把它的源码全部copy下来, 然后在templates下面的新建login文件夹, 接着再新建文件login.html。
login.html代码:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Document</title>
<style>
* {
margin: 0;
padding: 0;
}
a {
text-decoration: none;
}
input,
button {
background: transparent;
border: 0;
outline: none;
}
body {
height: 100vh;
background: linear-gradient(#141e30, #243b55);
display: flex;
justify-content: center;
align-items: center;
font-size: 16px;
color: #03e9f4;
}
.loginBox {
width: 400px;
height: 364px;
background-color: #0c1622;
margin: 100px auto;
border-radius: 10px;
box-shadow: 0 15px 25px 0 rgba(0, 0, 0, .6);
padding: 40px;
box-sizing: border-box;
}
h2 {
text-align: center;
color: aliceblue;
margin-bottom: 30px;
font-family: 'Courier New', Courier, monospace;
}
.item {
height: 45px;
border-bottom: 1px solid #fff;
margin-bottom: 40px;
position: relative;
}
.item input {
width: 100%;
height: 100%;
color: #fff;
padding-top: 20px;
box-sizing: border-box;
}
.item input:focus+label,
.item input:valid+label {
top: 0px;
font-size: 2px;
}
.item label {
position: absolute;
left: 0;
top: 12px;
transition: all 0.5s linear;
}
.btn {
padding: 10px 20px;
margin-top: 30px;
color: #03e9f4;
position: relative;
overflow: hidden;
text-transform: uppercase;
letter-spacing: 2px;
left: 35%;
}
.btn:hover {
border-radius: 5px;
color: #fff;
background: #03e9f4;
box-shadow: 0 0 5px 0 #03e9f4,
0 0 25px 0 #03e9f4,
0 0 50px 0 #03e9f4,
0 0 100px 0 #03e9f4;
transition: all 1s linear;
}
.btn>span {
position: absolute;
}
.btn>span:nth-child(1) {
width: 100%;
height: 2px;
background: -webkit-linear-gradient(left, transparent, #03e9f4);
left: -100%;
top: 0px;
animation: line1 1s linear infinite;
}
@keyframes line1 {
50%,
100% {
left: 100%;
}
}
.btn>span:nth-child(2) {
width: 2px;
height: 100%;
background: -webkit-linear-gradient(top, transparent, #03e9f4);
right: 0px;
top: -100%;
animation: line2 1s 0.25s linear infinite;
}
@keyframes line2 {
50%,
100% {
top: 100%;
}
}
.btn>span:nth-child(3) {
width: 100%;
height: 2px;
background: -webkit-linear-gradient(left, #03e9f4, transparent);
left: 100%;
bottom: 0px;
animation: line3 1s 0.75s linear infinite;
}
@keyframes line3 {
50%,
100% {
left: -100%;
}
}
.btn>span:nth-child(4) {
width: 2px;
height: 100%;
background: -webkit-linear-gradient(top, transparent, #03e9f4);
left: 0px;
top: 100%;
animation: line4 1s 1s linear infinite;
}
@keyframes line4 {
50%,
100% {
top: -100%;
}
}
</style>
</head>
<body>
<div class="loginBox">
<h2>login</h2>
<form action="">
<div class="item">
<input type="text" required>
<label for="">userName</label>
</div>
<div class="item">
<input type="password" required>
<label for="">password</label>
</div>
<button class="btn">submit
<span></span>
<span></span>
<span></span>
<span></span>
</button>
</form>
</div>
</body>
</html>
然后我们在views下创建login.py文件:
login.py代码:
from django.core.exceptions import ValidationError
from django.shortcuts import render, redirect
from project_one.utils import pwd_data
from project_one.utils.PageData import PageData
from django import forms
from project_one import models
# Create your views here.
class LoginForm(forms.Form):
# 在登录界面里面, 只需要用户名和密码的输入框即可, 在attrs里面设置输入框的属性。
username = forms.CharField(widget=forms.TextInput(attrs={"placeholder": "用户名", "autocomplete": "off"}))
password = forms.CharField(widget=forms.PasswordInput(attrs={"placeholder": "密码", "autocomplete": "off", "type": "password"}))
# 对密码进行校验, 在校验函数里面, 我们对密码进行加密处理
def clean_password(self):
password = self.cleaned_data['password']
return pwd_data.md5(password)
def login(request):
if request.method == 'GET':
form = LoginForm()
return render(request, "login/login.html", {'form': form})
form = LoginForm(request.POST)
if form.is_valid():
print(form.cleaned_data)
admin_object = models.AdminRole.objects.filter(**form.cleaned_data).first()
if not admin_object:
form.add_error("password", "账号或密码错误")
return render(request, "login/login.html", {'form': form})
# 如果用户名和密码正确,即可登陆成功,将用户名和密码,身份信息存储在session当中
request.session['info'] = {"id": admin_object.id, "username": admin_object.username, "password": admin_object.password, "role": admin_object.role}
# 设置账号的时效期, 这里以秒为单位, 我们设置一个账号, 登录以后, 可以有一天时间使用, 时效期过去之后需要重新登录才可以继续使用网页
request.session.set_expiry(60*60*24*1)
# 登录成功过后, 会跳转到首页。
return redirect('/')
render(request, "login/login.html", {'form': form})
这里面我们不用之前的modelform而是直接用form, 我们这里只用到了表单, 但并没有用到数据库里面的字段, 不过我们在登录的时候, 判断账号密码是否正确的时候, 用到了
admin_object = models.AdminRole.objects.filter(**form.cleaned_data).first()这样一句话。这一句话, 也用了AdminRole那张数据表。意思是说判断输入框里面的内容, 有没有出现在AdminRole数据库里面, 如果有, 并且账号和密码也都对的上号, 那就说明登录成功, 否则就是登录失败。成功和失败, 就是admin_object的布尔值来决定的,models.AdminRole.objects.filter(**form.cleaned_data).first()返回的是布尔值。这里面没有对AdminRole表格进行任何增删改之类的操作, 所以不用modelform而是用form。
配置路由:
urls.py:
"""project_simple URL Configuration
The `urlpatterns` list routes URLs to views. For more information please see:
https://docs.djangoproject.com/en/4.1/topics/http/urls/
Examples:
Function views
1. Add an import: from my_app import views
2. Add a URL to urlpatterns: path('', views.home, name='home')
Class-based views
1. Add an import: from other_app.views import Home
2. Add a URL to urlpatterns: path('', Home.as_view(), name='home')
Including another URLconf
1. Import the include() function: from django.urls import include, path
2. Add a URL to urlpatterns: path('blog/', include('blog.urls'))
"""
from django.contrib import admin
from django.urls import path
from project_one.views import depart, user, assets, admin_role, login
urlpatterns = [
path("login/", login.login)
]
运行结果:
登录下看看:
我们可以看到成功登录:
登录过后, 跳转到了首页。
但是这里面还有个bug, 就比如人家记住了首页, 或者其它页面的路由, 把/login改为了/index, 然后跳过了登录界面直接到了首页, 那这样的话, 就相当于登录功能没有任何意义。
所以我们不允许别人这样操作, 一旦人家这么操作, 我们就再让界面重定向到登录界面, 这样的话, 人家就无法通过改变路由来切换页面了。
我们这时候就要用到中间件来解决该问题。
我们在app里面创建middleware文件夹, 在下面创建一个auth.py文件。
auth.py代码:
from django.shortcuts import render, redirect, HttpResponse
from django.utils.deprecation import MiddlewareMixin
from django.conf import settings
# 自己写中间件, 需要导入包: from django.utils.deprecation import MiddlewareMixin
class AuthMiddleware(MiddlewareMixin):
# 登录校验
def process_request(self, request):
# 避免打开login页面之后验证login页面, 不然就会产生死循环。
# 这里需要忽略以下路由
if request.path_info in ["/login/", "/logout/"]:
return
info_dict = request.session.get('info')
if info_dict:
request.unicom_id = info_dict['id']
request.unicom_username = info_dict['username']
request.unicom_role = info_dict['role']
return
return redirect("/login/")
这里面的request.unicom_xxx = info_dict[‘xxx’]这样的写法, 就是获取之前在登录那边写的session里面的info信息里面的各个key的值, 我们分别获取id, username和role三个key的值, 之后我们会用到。
这里面的代码就是防止用户通过改变路由的方式来跳过密码登录的一个手段。
然后我们需要在settings.py里面配置中间件:
settings.py(中间件部分的配置代码):
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
# 我们自己写的中间件AuthMiddleware。
'project_one.middleware.auth.AuthMiddleware'
]
找到MIDDLEWARE, 里面把我们自己写好的中间件添加进去。
此时此刻, 再打开网页去试一试, 进去之后, 如果有把路由login改为其它路由的操作的话, 网页会重定向到login界面, 那就不会出现刚才那种情况啦。
还有, 我们登录成功之后, 在网页的右上角有个人信息的展示, 那边的昵称必须是展示登录账号的那个昵称。
所以我们还需要修改前端的对应代码:
model_tmp.html:
<ul class="nav navbar-nav navbar-right">
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true"
aria-expanded="false">欢迎-->{{ request.session.info.username }}<span class="caret"></span></a>
<ul class="dropdown-menu">
<li><a href="#">退出登录</a></li>
</ul>
</li>
</ul>
二、退出功能
这个其实很简单, 就是当用户点击退出登录的按钮之后, 我们需要做的就是让网页重定向到登录界面。
我们再login.py里面写重定向代码:
login.py:
def logout(request):
# 退出登录的时候, 清除session。
request.session.clear()
return redirect("/login/")
这里不要忘记清除session, session是一个账户登录之后, 存储的账号相关信息, 在用户选择退出登录的时候, 必须清除。
路由配置:
urls.py:
"""project_simple URL Configuration
The `urlpatterns` list routes URLs to views. For more information please see:
https://docs.djangoproject.com/en/4.1/topics/http/urls/
Examples:
Function views
1. Add an import: from my_app import views
2. Add a URL to urlpatterns: path('', views.home, name='home')
Class-based views
1. Add an import: from other_app.views import Home
2. Add a URL to urlpatterns: path('', Home.as_view(), name='home')
Including another URLconf
1. Import the include() function: from django.urls import include, path
2. Add a URL to urlpatterns: path('blog/', include('blog.urls'))
"""
from django.contrib import admin
from django.urls import path
from project_one.views import depart, user, assets, admin_role, login
urlpatterns = [
path("login/", login.login),
path("logout/", login.logout)
]
最后我们在前端页面里面绑定退出登录功能的路由:
model_tmp.html
<ul class="nav navbar-nav navbar-right">
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true"
aria-expanded="false">Nathan<span class="caret"></span></a>
<ul class="dropdown-menu">
{# 给退出登录加上对应的路由 #}
<li><a href="/logout/">退出登录</a></li>
</ul>
</li>
</ul>
三、权限管理
在文章的一开始我们也说到, 不同的角色, 登录进去的页面和功能都不一样, 权限也不一样。
要实现这个功能, 也需要在中间件里面写相应的代码, 不过我们在写中间件的代码之前, 我们还需要做两步。
1.在每一个路由path的最后面, 都加上name属性:
urls.py
"""project_simple URL Configuration
The `urlpatterns` list routes URLs to views. For more information please see:
https://docs.djangoproject.com/en/4.1/topics/http/urls/
Examples:
Function views
1. Add an import: from my_app import views
2. Add a URL to urlpatterns: path('', views.home, name='home')
Class-based views
1. Add an import: from other_app.views import Home
2. Add a URL to urlpatterns: path('', Home.as_view(), name='home')
Including another URLconf
1. Import the include() function: from django.urls import include, path
2. Add a URL to urlpatterns: path('blog/', include('blog.urls'))
"""
from django.contrib import admin
from django.urls import path
from project_one.views import depart, user, assets, admin_role, login
urlpatterns = [
# path('admin/', admin.site.urls),
path("", depart.index, name="index"),
path("depart/", depart.depart, name="depart"),
path("depart/add/", depart.add_depart, name="add_depart"),
path("depart/<int:nid>/modify/", depart.depart_modify, name="depart_modify"),
path("depart/<int:nid>/del/", depart.del_depart, name="del_depart"),
path("user/", user.user_info, name="user_info"),
path("user/add/", user.user_add, name="user_add"),
path("user/<int:nid>/modify/", user.user_modify, name="user_modify"),
path("user/<int:nid>/del/", user.user_del, name="user_del"),
path("user/add/modelform", user.user_add_modelform, name="user_add_modelform"),
path("user/<int:nid>/modify/modelform", user.user_modify_modelform, name="user_modify_modelform"),
path("assets_list/", assets.assets, name="assets"),
path("assets/add/", assets.assets_add, name="assets_add"),
path("assets/<int:nid>/modify/", assets.assets_modify, name="assets_modify"),
path("assets/<int:nid>/del/", assets.assets_del, name="assets_del"),
path("admin_list/", admin_role.admin, name="admin"),
path("admin/add/", admin_role.admin_add, name="admin_add"),
path("admin/<int:nid>/modify/", admin_role.admin_modify, name="admin_modify"),
path("admin/<int:nid>/reset/pwd/", admin_role.admin_reset_pwd, name="admin_reset_pwd"),
path("admin/<int:nid>/del/", admin_role.admin_del, name="admin_del"),
path("login/", login.login, name="login"),
path("logout/", login.logout, name="logout")
]
2.在settings.py设置文件里面, 加上权限列表:
settings.py:
UNICOM_PERMISSION = {
1: ["add_depart", "depart_modify", "del_depart", "user_add", "user_modify", "user_del", "user_add_modelform",
"user_modify_modelform", "assets_add", "assets_modify", "assets_del", "admin_add", "admin_modify",
"admin_reset_pwd", "admin_del"],
2: [],
3: []
}
这里面的1代表员工(用户), 2代表领导, 3代表管理员。
在1对应的列表里面的所有路由, 都是被禁止访问以及使用的, 也就是说员工有以上列表里面的那些东西是不能够访问的。
然后才是写中间件代码:
auth.py代码:
from django.shortcuts import render, redirect, HttpResponse
from django.utils.deprecation import MiddlewareMixin
from django.conf import settings
# 自己写中间件, 需要导入包: from django.utils.deprecation import MiddlewareMixin
class AuthMiddleware(MiddlewareMixin):
# 登录校验
def process_request(self, request):
# 避免打开login页面之后验证login页面, 不然就会产生死循环。
# 这里需要忽略以下路由
if request.path_info in ["/login/", "/logout/"]:
return
info_dict = request.session.get('info')
if info_dict:
request.unicom_id = info_dict['id']
request.unicom_username = info_dict['username']
request.unicom_role = info_dict['role']
return
return redirect("/login/")
def process_view(self, request, view_func, args, kwargs):
if request.path_info in ["/login/", "/logout/"]:
return
role = request.unicom_role
# 这个就是我们刚才在配置文件settings.py里面配置的UNICOM_PERMISSION列表。
# 写这个代码需要导入相应的包:from django.conf import settings
user_permission_list = settings.UNICOM_PERMISSION[role]
# 当前请求的路由name不在这个列表当中, 说明可以访问, 因为我们在settings.py配置文件里面写到, UNICOM_PERMISSION里面写的路由, 是被禁止访问的。这里需要用到request.resolver_match.url_name来代表用户访问网站时候的网址对应的路由。
if request.resolver_match.url_name not in user_permission_list:
return
return HttpResponse("没有权限")
这样, 我们就把权限管理的功能写好了, 我们只需要在前端进行判断当前登录的账号是员工还是管理员就可以了。
user_list.html:
{# 表头内容 #}
{% if request.unicom_role == 3 %}
<th>操作</th>
{% endif %}
{# 表中的内容 #}
{% if request.unicom_role == 3 %}
<td style="color: green">
<a href="/user/{{ data.id }}/modify/modelform"><span style="color: green;" class="glyphicon glyphicon-pencil" aria-hidden="true"></span></a>
<a href="/user/{{ data.id }}/del/"><span style="color: red;" class="glyphicon glyphicon-trash" aria-hidden="true"></span></a>
</td>
{% endif %}
depart.html:
{# 表头内容 #}
{% if request.unicom_role == 3 %}
<th>操作</th>
{% endif %}
{# 表中的内容 #}
{% if request.unicom_role == 3 %}
<td style="color: green">
<a href="/depart/{{ data.id }}/modify/"><span style="color: green;" class="glyphicon glyphicon-pencil" aria-hidden="true"></span></a>
<a href="/depart/{{ data.id }}/del/"><span style="color: red;" class="glyphicon glyphicon-trash" aria-hidden="true"></span></a>
</td>
{% endif %}
网页里面的
if request.unicom_role == 3这行代码就是判断登录的账号是不是管理员账号, 如果是的话, 可以展现操作那一列的数据, 并且可以进行修改和删除, 否则就不行。
model_tmp.html:
{% if request.unicom_role == 1 %}
<li class="active"><a href="/depart/">部门页面</a></li>
<li class="active"><a href="/user/">员工页面</a></li>
{% elif request.unicom_role == 3%}
<li class="active"><a href="/depart/">部门页面</a></li>
<li class="active"><a href="/user/">员工页面</a></li>
<li class="active"><a href="/assets_list/">资产页面</a></li>
{% endif %}
中间还有很多代码, 略……………………
{% if request.unicom_role == 3 %}
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true"
aria-expanded="false">平台用户<span class="caret"></span></a>
{% endif %}
这里面的意思也很简单, 就是员工只能看到部门页面的信息和员工页面的信息, 而且只能够查看信息(只能查看信息的原因, 在上面的两个html里面已经写到了), 而管理员, 能够看到部门页面、员工页面、资产页面并且还有平台用户的信息也能够看到, 而且还能增加修改删除里面的所有数据。
运行结果:
我们先登录下员工(普通用户)的账号:
进到部门或员工页面, 可以看到相应信息, 右边没有操作列。
点击添加信息按钮, 网页会提示没有权限。
意为着不能添加数据, 因为员工没有该权限。
我们再登录一下管理员的账号:
登录管理员账号Nathan:
登录过后:
点开任意一个页面, 比如员工页面:
最右边有操作列。
点击添加信息按钮:
可以添加信息。
点击任意一个修改按钮:
一样可以修改数据。
同理, 一样可以删除数据。
管理员, 拥有里面的所有权限,不仅所有的页面都可查看, 还可以对数据进行增加修改删除。
四、代码展示合集
登录功能代码:
login.py:
from django.core.exceptions import ValidationError
from django.shortcuts import render, redirect
from project_one.utils import pwd_data
from project_one.utils.PageData import PageData
from django import forms
from project_one import models
# Create your views here.
class LoginForm(forms.Form):
username = forms.CharField(widget=forms.TextInput(attrs={"placeholder": "用户名", "autocomplete": "off"}))
password = forms.CharField(widget=forms.PasswordInput(attrs={"placeholder": "密码", "autocomplete": "off", "type": "password"}))
# 对密码进行校验, 在校验函数里面, 我们对密码进行加密处理
def clean_password(self):
password = self.cleaned_data['password']
return pwd_data.md5(password)
def login(request):
if request.method == 'GET':
form = LoginForm()
return render(request, "login/login.html", {'form': form})
form = LoginForm(request.POST)
if form.is_valid():
print(form.cleaned_data)
admin_object = models.AdminRole.objects.filter(**form.cleaned_data).first()
if not admin_object:
form.add_error("password", "账号或密码错误")
return render(request, "login/login.html", {'form': form})
# 如果用户名和密码正确,即可登陆成功,将用户名和密码,身份信息存储在session当中
request.session['info'] = {"id": admin_object.id, "username": admin_object.username, "password": admin_object.password, "role": admin_object.role}
# 设置账号的时效期, 这里以秒为单位, 我们设置一个账号, 登录以后, 可以有一天时间使用, 时效期过去之后需要重新登录才可以继续使用网页
request.session.set_expiry(60*60*24*1)
return redirect('/')
render(request, "login/login.html", {'form': form})
def logout(request):
# 退出登录的时候, 清除session。
request.session.clear()
return redirect("/login/")
中间件代码:
auth.py:
from django.shortcuts import render, redirect, HttpResponse
from django.utils.deprecation import MiddlewareMixin
from django.conf import settings
class AuthMiddleware(MiddlewareMixin):
# 登录校验
def process_request(self, request):
# 避免打开login页面之后验证login页面, 不然就会产生死循环。
# 这里需要忽略以下路由
if request.path_info in ["/login/", "/logout/"]:
return
info_dict = request.session.get('info')
if info_dict:
request.unicom_id = info_dict['id']
request.unicom_username = info_dict['username']
request.unicom_role = info_dict['role']
return
return redirect("/login/")
def process_view(self, request, view_func, args, kwargs):
if request.path_info in ["/login/", "/logout/"]:
return
role = request.unicom_role
user_permission_list = settings.UNICOM_PERMISSION[role]
# 当前请求的路由name不在这个列表当中
if request.resolver_match.url_name not in user_permission_list:
return
return HttpResponse("没有权限")
路由配置:
urls.py:
"""project_simple URL Configuration
The `urlpatterns` list routes URLs to views. For more information please see:
https://docs.djangoproject.com/en/4.1/topics/http/urls/
Examples:
Function views
1. Add an import: from my_app import views
2. Add a URL to urlpatterns: path('', views.home, name='home')
Class-based views
1. Add an import: from other_app.views import Home
2. Add a URL to urlpatterns: path('', Home.as_view(), name='home')
Including another URLconf
1. Import the include() function: from django.urls import include, path
2. Add a URL to urlpatterns: path('blog/', include('blog.urls'))
"""
from django.contrib import admin
from django.urls import path
from project_one.views import depart, user, assets, admin_role, login
urlpatterns = [
# path('admin/', admin.site.urls),
path("", depart.index, name="index"),
path("depart/", depart.depart, name="depart"),
path("depart/add/", depart.add_depart, name="add_depart"),
path("depart/<int:nid>/modify/", depart.depart_modify, name="depart_modify"),
path("depart/<int:nid>/del/", depart.del_depart, name="del_depart"),
path("user/", user.user_info, name="user_info"),
path("user/add/", user.user_add, name="user_add"),
path("user/<int:nid>/modify/", user.user_modify, name="user_modify"),
path("user/<int:nid>/del/", user.user_del, name="user_del"),
path("user/add/modelform", user.user_add_modelform, name="user_add_modelform"),
path("user/<int:nid>/modify/modelform", user.user_modify_modelform, name="user_modify_modelform"),
path("assets_list/", assets.assets, name="assets"),
path("assets/add/", assets.assets_add, name="assets_add"),
path("assets/<int:nid>/modify/", assets.assets_modify, name="assets_modify"),
path("assets/<int:nid>/del/", assets.assets_del, name="assets_del"),
path("admin_list/", admin_role.admin, name="admin"),
path("admin/add/", admin_role.admin_add, name="admin_add"),
path("admin/<int:nid>/modify/", admin_role.admin_modify, name="admin_modify"),
path("admin/<int:nid>/reset/pwd/", admin_role.admin_reset_pwd, name="admin_reset_pwd"),
path("admin/<int:nid>/del/", admin_role.admin_del, name="admin_del"),
path("login/", login.login, name="login"),
path("logout/", login.logout, name="logout")
]
settings.py配置文件需要配置的地方:
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
# 添加自己写好的中间件。
'project_one.middleware.auth.AuthMiddleware'
]
# 在配置文件里面添加权限管理, 在列表里面的内容, 对应的角色(如员工)不能被访问。
UNICOM_PERMISSION = {
1: ["add_depart", "depart_modify", "del_depart", "user_add", "user_modify", "user_del", "user_add_modelform",
"user_modify_modelform", "assets_add", "assets_modify", "assets_del", "admin_add", "admin_modify",
"admin_reset_pwd", "admin_del"],
2: [],
3: []
}
login.html文件:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Document</title>
<style>
* {
margin: 0;
padding: 0;
}
a {
text-decoration: none;
}
input,
button {
background: transparent;
border: 0;
outline: none;
}
body {
height: 100vh;
background: linear-gradient(#141e30, #243b55);
display: flex;
justify-content: center;
align-items: center;
font-size: 16px;
color: #03e9f4;
}
.loginBox {
width: 400px;
height: 364px;
background-color: #0c1622;
margin: 100px auto;
border-radius: 10px;
box-shadow: 0 15px 25px 0 rgba(0, 0, 0, .6);
padding: 40px;
box-sizing: border-box;
}
h2 {
text-align: center;
color: aliceblue;
margin-bottom: 30px;
font-family: 'Courier New', Courier, monospace;
}
.item {
height: 45px;
border-bottom: 1px solid #fff;
margin-bottom: 40px;
position: relative;
}
.item input {
width: 100%;
height: 100%;
color: #fff;
padding-top: 20px;
box-sizing: border-box;
}
.item input:focus+label,
.item input:valid+label {
top: 0px;
font-size: 2px;
}
.item label {
position: absolute;
left: 0;
top: 12px;
transition: all 0.5s linear;
}
.btn {
padding: 10px 20px;
margin-top: 30px;
color: #03e9f4;
position: relative;
overflow: hidden;
text-transform: uppercase;
letter-spacing: 2px;
left: 35%;
}
.btn:hover {
border-radius: 5px;
color: #fff;
background: #03e9f4;
box-shadow: 0 0 5px 0 #03e9f4,
0 0 25px 0 #03e9f4,
0 0 50px 0 #03e9f4,
0 0 100px 0 #03e9f4;
transition: all 1s linear;
}
.btn>span {
position: absolute;
}
.btn>span:nth-child(1) {
width: 100%;
height: 2px;
background: -webkit-linear-gradient(to left, transparent, #03e9f4);
left: -100%;
top: 0px;
animation: line1 1s linear infinite;
}
@keyframes line1 {
50%,
100% {
left: 100%;
}
}
.btn>span:nth-child(2) {
width: 2px;
height: 100%;
background: -webkit-linear-gradient(to top, transparent, #03e9f4);
right: 0px;
top: -100%;
animation: line2 1s 0.25s linear infinite;
}
@keyframes line2 {
50%,
100% {
top: 100%;
}
}
.btn>span:nth-child(3) {
width: 100%;
height: 2px;
background: -webkit-linear-gradient(to left, #03e9f4, transparent);
left: 100%;
bottom: 0px;
animation: line3 1s 0.75s linear infinite;
}
@keyframes line3 {
50%,
100% {
left: -100%;
}
}
.btn>span:nth-child(4) {
width: 2px;
height: 100%;
background: -webkit-linear-gradient(to top, transparent, #03e9f4);
left: 0px;
top: 100%;
animation: line4 1s 1s linear infinite;
}
@keyframes line4 {
50%,
100% {
top: -100%;
}
}
</style>
</head>
<body>
<div class="loginBox">
<h2>登录界面</h2>
<form method="post">
{% csrf_token %}
<div class="item">
{{ form.username }}
</div>
<div class="item">
{{ form.password }}
<span style="color: red">{{ form.password.errors.0 }}</span>
</div>
<button class="btn">登录
<span></span>
<span></span>
<span></span>
<span></span>
</button>
</form>
</div>
</body>
</html>
model_tmp.html:
{% load static %}
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
<link rel="stylesheet" href="{% static 'css/bootstrap.css' %}">
{% block css %}
{% endblock %}
</head>
<body>
<div class="navbar navbar-default">
<div class="container">
<!-- Brand and toggle get grouped for better mobile display -->
<div class="navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse"
data-target="#bs-example-navbar-collapse-1" aria-expanded="false">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="#">管理系统</a>
</div>
<!-- Collect the nav links, forms, and other content for toggling -->
<div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
<ul class="nav navbar-nav">
{% if request.unicom_role == 1 %}
<li class="active"><a href="/depart/">部门页面</a></li>
<li class="active"><a href="/user/">员工页面</a></li>
{% elif request.unicom_role == 3%}
<li class="active"><a href="/depart/">部门页面</a></li>
<li class="active"><a href="/user/">员工页面</a></li>
<li class="active"><a href="/assets_list/">资产页面</a></li>
{% endif %}
{# <li class="active"><a href="/depart/">部门页面</a></li>#}
{# <li class="active"><a href="/user/">员工页面</a></li>#}
{# <li class="active"><a href="/assets_list/">资产页面</a></li>#}
<li class="dropdown">
{% if request.unicom_role == 3 %}
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true"
aria-expanded="false">平台用户<span class="caret"></span></a>
{% endif %}
<ul class="dropdown-menu">
<li><a href="/admin_list/">登录账号</a></li>
</ul>
</li>
</ul>
<ul class="nav navbar-nav navbar-right">
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true"
aria-expanded="false">欢迎-->{{ request.session.info.username }}<span class="caret"></span></a>
<ul class="dropdown-menu">
<li><a href="/logout/">退出登录</a></li>
</ul>
</li>
</ul>
</div><!-- /.navbar-collapse -->
</div><!-- /.container-fluid -->
</div>
{% block content %}
{% endblock %}
<script src="{% static 'js/jquery3.7.1.js' %}"></script>
<script src="{% static 'js/bootstrap.js' %}"></script>
{% block js %}
{% endblock %}
</body>
</html>
user_list.html:
{% extends "index/model_tmp.html" %}
{% block content %}
<div class="container">
<a href="/user/add/" class="btn btn-success">添加信息</a>
<a href="/user/add/modelform" class="btn btn-warning">添加信息</a>
<div class="panel panel-danger">
<div class="panel-heading">
<h3 class="panel-title">员工表</h3>
</div>
<div class="panel-body">
<table class="table table-hover">
<thead>
<tr>
<th>ID</th>
<th>姓名</th>
<th>性别</th>
<th>薪水</th>
<th>年龄</th>
<th>入职时间</th>
<th>部门</th>
{% if request.unicom_role == 3 %}
<th>操作</th>
{% endif %}
</tr>
</thead>
<tbody>
{% for data in user_list %}
<tr>
<th scope="row">{{ data.id }}</th>
<td>{{ data.name }}</td>
<td>{{ data.get_gender_display }}</td>
<td>{{ data.salary }}</td>
<td>{{ data.age }}</td>
<td>{{ data.create_time|date:"Y-m-d" }}</td>
<td>{{ data.department.title }}</td>
{% if request.unicom_role == 3 %}
<td style="color: green">
<a href="/user/{{ data.id }}/modify/modelform"><span style="color: green;" class="glyphicon glyphicon-pencil" aria-hidden="true"></span></a>
<a href="/user/{{ data.id }}/del/"><span style="color: red;" class="glyphicon glyphicon-trash" aria-hidden="true"></span></a>
</td>
{% endif %}
</tr>
{% endfor %}
</tbody>
</table>
</div>
</div>
{# 实现分页查询 #}
<ul class="pagination">
{{ page_string }}
</ul>
</div>
{% endblock %}
depart.html:
{% extends "index/model_tmp.html" %}
{% block content %}
<div class="container">
<a href="/depart/add/" class="btn btn-success">添加信息</a>
<div class="panel panel-danger">
<div class="panel-heading">
<h3 class="panel-title">部门表</h3>
</div>
<div class="panel-body">
<table class="table table-hover">
<thead>
<tr>
<th>ID</th>
<th>部门</th>
{% if request.unicom_role == 3 %}
<th>操作</th>
{% endif %}
</tr>
</thead>
<tbody>
{% for data in data_list %}
<tr>
<th scope="row">{{ data.id }}</th>
<td>{{ data.title }}</td>
{% if request.unicom_role == 3 %}
<td style="color: green">
<a href="/depart/{{ data.id }}/modify/"><span style="color: green;" class="glyphicon glyphicon-pencil" aria-hidden="true"></span></a>
<a href="/depart/{{ data.id }}/del/"><span style="color: red;" class="glyphicon glyphicon-trash" aria-hidden="true"></span></a>
</td>
{% endif %}
</tr>
{% endfor %}
</tbody>
</table>
</div>
</div>
{# 实现分页查询 #}
<ul class="pagination">
{{ page_string }}
</ul>
</div>
{% endblock %}
好了, 这篇文章的内容就到此结束了!!!
以上就是Django的账号登录及权限管理的所有内容了, 如果有哪里不懂的地方,可以把问题打在评论区, 欢迎大家在评论区交流!!!
如果我有写错的地方, 望大家指正, 也可以联系我, 让我们一起努力, 继续不断的进步.
学习是个漫长的过程, 需要我们不断的去学习并掌握消化知识点, 有不懂或概念模糊不理解的情况下,一定要赶紧的解决问题, 否则问题只会越来越多, 漏洞也就越老越大.
人生路漫漫, 白鹭常相伴!!!